Click here to Skip to main content
15,881,757 members
Search within:


Articles / Web Development / HTML
 

.NET CLR Injection: Modify IL Code during Run-time

Rate me:
Please Sign up or sign in to vote.
4.98/5 (240 votes)
7 Aug 2014LGPL310 min read 592.9K   18.4K   352  
Modify methods' IL codes on runtime even if they have been JIT-compiled, supports release mode / x64 & x86, and variants of .NET versions, from 2.0 to 4.5.
 
/*
    EasyHook - The reinvention of Windows API hooking
 
    Copyright (C) 2009 Christoph Husse

    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
    version 2.1 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA

    Please visit http://www.codeplex.com/easyhook for more information
    about the project and latest updates.
*/
#include "stdafx.h"

BOOL RtlFileExists(WCHAR* InPath)
{
    HANDLE          hFile;

    if((hFile = CreateFileW(InPath, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL)) == INVALID_HANDLE_VALUE)
        return FALSE;

    CloseHandle(hFile);

    return TRUE;
}

LONG RtlGetWorkingDirectory(WCHAR* OutPath, ULONG InMaxLength)
{
    NTSTATUS            NtStatus;
    LONG            Index;

    Index = GetModuleFileName(NULL, OutPath, InMaxLength);

    if(GetLastError() == ERROR_INSUFFICIENT_BUFFER)
        THROW(STATUS_BUFFER_TOO_SMALL, L"The given buffer is too small.");

    // remove file name...
    for(Index--; Index >= 0; Index--)
    {
        if(OutPath[Index] == '\\')
        {
            OutPath[Index + 1] = 0;

            break;
        }
    }

    RETURN;

THROW_OUTRO:
FINALLY_OUTRO:
    return NtStatus;
}

LONG RtlGetCurrentModulePath(WCHAR* OutPath, ULONG InMaxLength)
{
    NTSTATUS            NtStatus;

    GetModuleFileName(hCurrentModule, OutPath, InMaxLength);

    if(GetLastError() == ERROR_INSUFFICIENT_BUFFER)
        THROW(STATUS_BUFFER_TOO_SMALL, L"The given buffer is too small.");

    RETURN;

THROW_OUTRO:
FINALLY_OUTRO:
    return NtStatus;
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The GNU Lesser General Public License (LGPLv3)


Written By
Jerry.Wang
Team Leader
China China
Jerry is from China. He was captivated by computer programming since 13 years old when first time played with Q-Basic.



  • Windows / Linux & C++
  • iOS & Obj-C
  • .Net & C#
  • Flex/Flash & ActionScript
  • HTML / CSS / Javascript
  • Gaming Server programming / video, audio processing / image & graphics


Contact: vcer(at)qq.com
Chinese Blog: http://blog.csdn.net/wangjia184

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 21 Sep 2012

Article Copyright 2012 by Jerry.Wang
Everything else Copyright © CodeProject, 1999-2024

Web04 2.8:2024-04-02:1